Exim & Dovecot mailserver with Active Directory

Following on from getting Debian working with Active Directory for account authorisation, I needed to set up Exim with Dovecot as a mail server. Obviously I want to use the Active Directory to keep all the accounts, as before, but I also want it to hold all my email aliases.

To make use of LDAP/Active Directory you will need the exim4-daemon-heavy package, not exim4-daemon-light, as the light daemon has no LDAP support. I also set Exim to use the “multiple configuration files” option.

Dovecot

Dovecot is largely straightforward. Dovecot authenticates through PAM, and we already have PAM working against the AD servers. We only want the IMAP server, so we installed the dovecot-imapd package with apt.

We have the following options specifically set in /etc/dovecot/dovecot.conf:

# requires either SSL or STARTTLS to be used; no unencrypted connections
ssl = required
# if you use maildirs this forces their use
mail_location = maildir:~/Maildir
passdb pam {
  # session=yes runs the PAM session modules, which is what lets the
  # home directory be created on first login
  args = session=yes dovecot
}

You will need to restart Dovecot to apply these changes.

Exim

Using Dovecot’s deliver

Exim can use Dovecot’s delivery program, which automatically creates the indexes that Dovecot uses. It is not required, but if you are using mbox (not maildir) there can be a delay as Dovecot rebuilds its indexes after each delivery. There is less of a benefit when you’re using Maildir, though.

Create a file called /etc/exim4/conf.d/transport/30_exim4-config_dovecot_delivery with the contents:

Then edit /etc/exim4/update-exim4.conf.conf and modify the dc_localdelivery entry:

dc_localdelivery='dovecot_delivery'

You will then need to issue the command

update-exim4.conf

This regenerates the configuration, and Exim picks it up without a restart.

Keeping email aliases in AD

This one took a bit of figuring out and I found only pieces from other people.

Active Directory setup

We are using Windows 2008, and this does not require us to add anything to the AD schema to support this.

Using the Active Directory Users and Groups tool, edit a user’s information, go to the Attribute Editor tab and scroll to the otherMailbox entry. Editing this lets you add and remove email addresses in the list. I use full email addresses, but I imagine it may work fine with simple usernames also.

Exim configuration

A couple of configuration files are needed here. Firstly, you need a file with all your LDAP configuration; for this I create the file /etc/exim4/conf.d/main/04_exim4-config_ldap, which contains:

Obviously you need to update your own values. Multiple AD servers can be specified separated by a colon (:). You will also need an LDAP account with limited privileges that is able to enumerate the aliases. It only needs read access, but I’m afraid I won’t be covering the setup of this here.

The second file you need is /etc/exim4/conf.d/router/450_exim4-config_ldap_aliases and should contain:
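The bodies of the two Exim files did not survive on this page. What follows is an added example of one working shape for both of them, not the author's configuration: the domain, the domain controller names, the base DN, the bind account, the secret file path and the use of sAMAccountName as the local username are all assumptions. It quotes the recipient address with quote_ldap so a crafted address cannot change the LDAP filter, and sets referrals=nofollow because AD hands out referrals for subtree searches that a mail server has no reason to chase.

```exim
# Added example, not the original post's configuration. Assumed values:
# domain example.com, domain controllers dc1/dc2, a read-only bind account
# svc-exim, local accounts keyed by sAMAccountName. Adjust to your directory.

# --- /etc/exim4/conf.d/main/04_exim4-config_ldap (hypothetical contents) ---
# Colon-separated list; Exim tries the servers in order.
ldap_default_servers = dc1.example.com:dc2.example.com
ldap_version = 3
LDAP_BASE = dc=example,dc=com
# Bind DN of the limited-privilege lookup account. The password is read at
# lookup time from a root-only file so it never sits in this config file;
# the second readfile argument strips the trailing newline.
LDAP_USER = cn=svc-exim,ou=Service Accounts,dc=example,dc=com
LDAP_PASS = ${readfile{/etc/exim4/ldap.secret}{}}

# --- /etc/exim4/conf.d/router/450_exim4-config_ldap_aliases (hypothetical) ---
# Redirects an address found in a user's otherMailbox attribute to that
# user's sAMAccountName; the usual local-delivery routers then take over.
ldap_aliases:
  debug_print = "R: ldap_aliases for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  # quote_ldap escapes ( ) * \ in the address so the filter stays intact.
  # A lookup that matches nothing makes this router decline, so unknown
  # addresses fall through to the remaining routers and are rejected there.
  data = ${lookup ldap{user="LDAP_USER" pass="LDAP_PASS" referrals=nofollow \
           ldap:///LDAP_BASE?sAMAccountName?sub?\
           (&(objectClass=user)(otherMailbox=${quote_ldap:$local_part@$domain}))}}
```

After `update-exim4.conf`, `exim4 -bt alias@example.com` shows which router accepted the address and is the quickest way to confirm the lookup works before routing real mail.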